隨著網際網路應用高速成長與資訊數位化的演進，源自網路的攻擊持續增長，企業需要適合它們特定資訊安全的解決方案，來面對接踵而來的是層出不窮的資訊安全問題。根據「經濟部工業局-跨域資安強化產業推動計畫」委託「工研院產業情報網」（IEK）的研究報告，台灣的資安產業市場規模在西元2022年將有機會達到超越NT$600億/年的規模。目前以資訊安全專業為主要營業項目的公司達340家，然而，由於臺灣本土市場太小，大多數的市場份額都落在網路安全設備、端點防護或是檢測與密碼管理等工具軟體，而這些主流的資安產品（硬體或軟體）多數為國外廠商的天下，因此國內的資安業者多數是代理銷售或是提供技術服務的角色。其中資安檢測鑑識顧問服務（勞務）例：資安檢測、鑑識與顧問等需求的客戶群為政府及八大關鍵基礎設施（油、水、電、醫療、交通、通訊、金融、高科技園區）佔比較重其餘為企業。然而，因資訊安全專業技術知識門檻較高且培育人才不易，所以大部分客戶群針對勞務服務均採委外方式居多，使得資安檢測鑑識顧問服務人力在市場上供不應求，再加上相關業者採購資安檢測鑑識顧問服務時，較多以價格標的方式競合，迫使資安業者為求生存及市場滲透率的關係，不得不採取低價策略進行惡性競爭，使得原本有價值的服務被以極低的價格出售，最後造成勞力付出與收入不成正比的情況，後續衍生公司、部門虧損或人力縮編的狀況。

本研究以資安服務供應商角度，針對資安檢測鑑識顧問服務（勞務）中的滲透測試服務這個部分進行探討，運用質化分析法探討滲透測試專業技術服務如何因應市場環境，選擇或訂定適當的定價策略，以達到服務價值與服務收入的平衡。

With the fast expansion of Internet applications and the emergence of information digitization, Internet-based threats continue to rise. Faced with escalating information security concerns, enterprises seek solutions adapted to their specific data security requirements. According to a report by "Industrial Technology Research Institute, IEK Consulting" commissioned by "Industrial Development Bureau, MOEA (IDB) - Cross-domain Information Security Strengthening Industry Promotion Program," Taiwan's information security industry market size has the potential to exceed in 2022 with the annual scale of $60 billion. There are now 340 companies whose primary business is information security. Due to the small size of the Taiwanese market, the majority of the market share is held by network security equipment, endpoint protection or detection, and password management software. The majority of these mainstream information security products (hardware or software) are contracted by foreign manufacturers, hence the number of domestic information security enterprises function as agents or provide technical services. Among them, the information security testing and forensic consulting service (labour service): the government and the eight critical infrastructures are the client base for information security testing, forensics, consulting, etc (oil, water, electricity, medical care, transportation, communication, finance, high-tech parks) The rest are enterprises. Due to the high threshold of professional and technical understanding of information security and the difficulties of fostering talent, the majority of client groups outsource labour services, resulting in a labour shortage for information security testing and forensic consulting services. In addition, when relevant companies acquire information security inspection and identification consultancy services, they often engage in price bidding competition. This causes the information security business to adopt a low-price approach to conduct a ruthless competition for survival and market dominance, resulting in the sale of the original valued services at quite low prices. In the end, it also results in a scenario in which labour spending is not equal to revenue, which leads to losses in companies, departments, and downsizing of manpower.
From the perspective of information security service providers, this study examines the Penetration Test (PT) component of information security testing and forensic consulting services (labour services) and utilizes qualitative analysis to investigate how penetration testing professional technical services may choose or design suitable pricing strategies in response to market circumstances to establish a balance between service value and service revenue.

文崇一, & 楊國樞. (2000). 訪問調查法. 社會及行為科學研究法下冊. 台北: 東華.
劉怡玲, & 閻蕙群. (2000). 定價聖經. In: 台北: 藍鯨出版.(Dolan, RJ & Simon. H., 2000).
戴國良. (2020). 定價管理. 五南圖書出版股份有限公司.
Herzog, P. (2003). Open-source security testing methodology manual. Institute for Security and Open Methodologies (ISECOM).
Scarfone, K. A., Souppaya, M. P., Cody, A., & Orebaugh, A. D. (2008). Sp 800-115. technical guide to information security testing and assessment. In: National Institute of Standards & Technology.
Williams, J. (2006). Owasp testing guide. In.